A critical vulnerability was found in the SBI website by Mr. Abhirup Guha, head trainer of INFO SECURITY SOLUTION, on July 15, 2015.
Mr. Abhirup Guha has already informed the bank about this harmful loophole.
Mr. Guha said, “I found a critical bug in the SBI website, as the website is down and affected by a TLS-based attack, ‘LOGJAM’.” Now what is this ‘LOGJAM’?
According to Mr. Guha:
Logjam is a new attack against the Diffie-Hellman key-exchange protocol used in TLS. Basically:
The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange. The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable.
Who is affected?
Websites, mail servers, and other TLS-dependent services that support DHE_EXPORT ciphers are at risk for the Logjam attack. We use Internet-wide scanning to measure who is vulnerable.
| Protocol | Vulnerable to Logjam |
|---|---|
| HTTPS — Top 1 Million Domains | 8.4% |
| HTTPS — Browser Trusted Sites | 3.4% |
| SMTP+StartTLS — IPv4 Address Space | 14.8% |
| POP3S — IPv4 Address Space | 8.9% |
| IMAPS — IPv4 Address Space | 8.4% |
Websites that use one of a few commonly shared 1024-bit Diffie-Hellman groups may be susceptible to passive eavesdropping from an attacker with nation-state resources. Here, we show how various protocols would be affected if a single 1024-bit group were broken in each protocol, assuming a typical up-to-date client (e.g., most recent version of OpenSSH or up-to-date installation of Chrome).
Reasons to worry about Logjam vulnerability:
- The flaw allows an attacker to trick a web browser into believing that it is using a regular key, not the export key version.
- Many PCs reuse the same large numbers to generate the keys, which makes them easier for attackers to crack.
- The flaw has been present for more than 20 years, affecting HTTPS, SSH, IPsec, SMTPS, and other protocols that rely on TLS.
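To see which of the group sizes described above a server actually offers, a defender can read the Diffie-Hellman prime out of the TLS ServerKeyExchange handshake message and measure its length. The following is an added example, not part of the original article: the sample messages are constructed (the numbers standing in for the prime, generator and server public value are placeholders), and the function names and labels are this example's own.

```python
SERVER_KEY_EXCHANGE = 12  # TLS HandshakeType value for server_key_exchange


def parse_dhe_params(handshake: bytes) -> tuple:
    """Return (p, g, Ys) as integers from a DHE ServerKeyExchange message."""
    if len(handshake) < 4 or handshake[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange handshake message")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    values, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):  # each is a 2-byte length + bytes
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name}")
        n = int.from_bytes(body[off:off + 2], "big")
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad length for {name}")
        values.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return tuple(values)  # the server's signature follows and is not parsed


def classify(handshake: bytes) -> tuple:
    """Return (prime size in bits, label); the labels are this example's own."""
    bits = parse_dhe_params(handshake)[0].bit_length()
    if bits <= 512:
        return bits, "export-grade"      # the size Logjam downgrades to
    if bits <= 1024:
        return bits, "1024-bit-or-less"  # the commonly shared group size
    return bits, "above-1024"


def build_sample(p_bits: int) -> bytes:
    """Constructed message; an odd number with the top bit set stands in for p."""
    fields = b""
    for v in ((1 << (p_bits - 1)) | 1, 2, 3):  # p, g, Ys (placeholders)
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        fields += len(raw).to_bytes(2, "big") + raw
    return bytes([SERVER_KEY_EXCHANGE]) + len(fields).to_bytes(3, "big") + fields


if __name__ == "__main__":
    for size in (512, 1024, 2048):
        print(size, classify(build_sample(size)))
```

The parser expects the handshake message itself, starting at the type byte, with the TLS record header already removed.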